Protect Against Ransomware Threats

Reduce Vulnerabilities in Email and Corporate Systems

The news is littered with reports of organizations struggling to recover from ransomware attacks. What is ransomware? It’s when criminals lock a company’s files by encrypting them, then demand payment to regain access. Sometimes the attacker makes an additional threat of releasing private data if ransom is not paid.

Federal law enforcement recommends that the ransom not be paid, which removes the incentive to continue this type of attack. But business continuity and a cost comparison between the ransom and lost revenue/recovery costs make the decision a difficult one. Even after recovery, questions remain about how the attack got in and what other malicious activity was left behind.

A good defense is to remove opportunities for ransomware by looking at the common ways the attacks are launched. Unfortunately, as ransomware has become the top revenue source for criminals, the sophistication of the attacks has also increased. The main attack vectors are email and system security vulnerabilities.

Email Vulnerabilities
Employees are said to be the weakest link in a company’s security. Why? Because it costs very little for internet criminals to send millions of emails to employees with malicious attachments in the hopes that even a small percentage will fall for the scam.

But employees who know to be wary of unexpected emails or to double-check the source are a great frontline defense. Some steps to develop a staff that can spot suspicious files and requests:
  • Give employees an email address or a button to report suspicious emails, and always respond.
  • Even those emails evaluated as safe should be acknowledged.
  • Remember to thank them for the report and show how their input improved defenses.
Email filtering is another point at which to break the attack cycle. Third-party services are available to reduce spam and detect malicious emails. Additional services such as link analysis can open an email web link in a virtual machine, off your network, before allowing a connection. Your endpoint anti-virus vendor may have options, and there are dedicated email filtering services that integrate into the delivery path.

System Vulnerabilities
The success of ransomware attacks has heightened focus on finding ways into corporate systems. In a largely automated process, the industrial-scale thieves comb internet connections looking for known weaknesses. Once found, the list of potential victims is presented (or sold) to hacking groups to launch attacks. Even smaller firms are not immune—the automated scans do not take business size into consideration.

Hacking has become an industry that operates at large volume to seek returns. One of the best defenses against these automated attacks is a robust patching program that includes validation (see our resource page on Building a Cyber Program).

Automatic updates have become the default for most systems, applications, and even web browsers, but additional steps are needed to ensure operations continuity and to validate that systems are working as well as we expect.

Updates, particularly version upgrades, carry a risk of breaking processes. Testing new patches is a good practice to avoid disruptions. Test systems are typically updated when patches are released, and then exercised by the employees who work on the production versions regularly. For example, Accounting tries out the patched version of the finance systems. While the patches are being tested, Security and IT also watch for industry reports of early problems.

Validation of patching through vulnerability scanning comes in two parts:
  • Discovery: Do we know everything that is exposed?
  • Success: Did the patches apply properly on all systems?
Scanning each network segment for new devices helps detect new arrivals and checks that they are part of the update process. Accidents happen, and an old database server mistakenly added to an internet-exposed network will be found by hackers in minutes.

Keep in mind that not every patch is successful. A machine may not have been on during patching, or an error may have caused the patch to fail. Re-running vulnerability scans after a patching window allows us to validate that we are as protected as expected after updates. Any outliers can be investigated and patched.
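Both validation parts can be scripted as a comparison of an asset inventory against the post-patch scan. The following is an added example, not code from the original article: the hostnames, network segments and finding IDs are constructed placeholders, and the scanner output is assumed to have already been parsed into the simple records shown.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ScanResult:
    """One host as reported by the scanner (constructed data for this example)."""
    host: str
    segment: str
    findings: frozenset  # finding IDs the scanner reported on this host

# Constructed asset inventory: what we believe is deployed.
INVENTORY = {"web01", "web02", "app01", "db01"}

# Constructed post-patch scan. Finding IDs are placeholders, not real CVE numbers.
POST_PATCH_SCAN = [
    ScanResult("web01", "dmz", frozenset()),
    ScanResult("web02", "dmz", frozenset({"FINDING-001"})),  # patch failed here
    ScanResult("app01", "internal", frozenset()),
    ScanResult("db-old", "dmz", frozenset({"FINDING-001", "FINDING-002"})),  # not in inventory
    # db01 is absent: it was powered off during the scan
]

# The findings the patch window was meant to close.
TARGET_FINDINGS = {"FINDING-001", "FINDING-002"}


def discovery_check(inventory, scan):
    """Part one: do we know everything that is exposed?
    Returns (unknown hosts with their segment, known hosts the scan did not reach)."""
    seen = {r.host for r in scan}
    unknown = sorted((r.host, r.segment) for r in scan if r.host not in inventory)
    return unknown, sorted(inventory - seen)


def success_check(scan, targets):
    """Part two: did the patches apply on all systems?
    Returns {host: target findings still open} for hosts that remain vulnerable."""
    return {r.host: sorted(r.findings & targets) for r in scan if r.findings & targets}


def validate(inventory, scan, targets):
    """Combine both checks into the outlier list to investigate after a patch window."""
    unknown, unscanned = discovery_check(inventory, scan)
    return {"unknown_hosts": unknown, "unscanned_hosts": unscanned,
            "patch_outliers": success_check(scan, targets)}


if __name__ == "__main__":
    for key, value in validate(INVENTORY, POST_PATCH_SCAN, TARGET_FINDINGS).items():
        print(f"{key}: {value}")
```

Each of the three lists is an outlier to investigate: the unknown DMZ host is the "old database server" case, the unscanned host must be rescanned once it is back on, and the patch outliers need the patch re-applied.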


Richard Wolford
Software Engineer


PA Cybersecurity Resource Center
The PA Cybersecurity Resource Center is financed by a grant from the Commonwealth of Pennsylvania, Department of Community and Economic Development.
Copyright © 2024 Concurrent Technologies Corporation. All rights reserved.